While containers gain in popularity for software deployments, one company is still betting on virtual machines, or more specifically, tiny virtual machines. NanoVMs is a unikernel platform designed to remove the general-purpose operating system and prevent any other program from running alongside the application, unlike containers, which must be placed on top of a generic operating system such as Linux.
According to Ian Eyberg, CEO of NanoVMs, this is incredibly important when it comes to security.
The company was previously known as DeferPanic, but recently rebranded to NanoVMs to signify it was moving away from application performance monitoring and moving towards unikernel technology.
Eyberg explained that organizations are having a hard time keeping their containerized initiatives secure. Part of the problem is that the name “containers” itself implies they contain things. “It gives us a false sense of security because people think that it provides security isolations, but it doesn’t,” said Eyberg. While containers do add some security, Eyberg said the measures are not strong enough for the Internet and leave data vulnerable to hackers.
Unikernels, on the other hand, enable teams to run multiple apps on one server and protect applications from remote code execution attacks. According to Eyberg, unikernels have a four-point security model:
- They are single-process systems
- They remove the notion of users
- They remove shells
- They use a small amount of code, which reduces the attack surface
“Politicians talk about rebuilding bridges and roads, but no one talks about the abysmal state of software infrastructure or the fact that the vast majority of our operating systems in use are over 40 years old, even though there is a new headline every single day about yet another data breach,” said Eyberg. “Unikernels shut down hackers’ abilities to violate applications and they are more efficient than virtual machines and even containers.”
In addition to security, Eyberg believes unikernels also provide better performance and cost reductions over containers and traditional virtual machines. Unikernels have little to no system calls and context switching, which gives faster boot times and uses fewer system resources, according to Eyberg. Fewer servers are also needed to accomplish the same tasks than with virtual machines.
However, Eyberg does say there are some limitations with unikernels at the moment. For instance, unikernels do not yet work well with the big public cloud providers, but he still thinks it is a technology worth looking at.
“NanoVMs makes your applications easier to maintain, extremely hard to exploit and dramatically increases your application to hardware ratio well beyond traditional hypervisor and container technologies,” Ron Gula, founder of cyber exposure company Tenable, is quoted as saying on the NanoVMs website.